<?php
function con() {
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("main")or die(mysql_error());
$connected = $_SESSION['connected'] = true;
}
function getinfo() {
$string = "SELECT * FROM info";
$q = mysql_query($string) or die(mysql_error());
while($query = mysql_fetch_array($q)) {
echo "id: " . $query['id'] . $query['msg'] . "<BR>";
}
}
function writeform() {
echo '
<form action="" method="post">
<table bgcolor="#111" width="274" border="0" align="center">
<tr>
<td colspan="2" align="center" bgcolor="#333">Authentication Required</td>
</tr>
<tr>
<td width="94" align="center" bgcolor="#333">Username:</td>
<td width="170" align="center" bgcolor="#333"><input type="text" name="username"></td>
</tr>
<tr>
<td align="center" bgcolor="#333">Password :</td>
<td align="center" bgcolor="#333"><input type="password" name="password"></td>
</tr>
<tr>
<td colspan="2" align="center" bgcolor="#333"><input type="submit" name="submit" value="login"></td>
</tr>
</table>
</form>';
}
function checklogin() {
if(isset($_SESSION['loggedin']) and isset($_POST['username'])) {
$_SESSION['username'] = $username;
echo "Logged in as user : $username";
} else { include("news.php");}
}
function login() {
if(isset($_POST['username']) and isset($_POST['password'])) {
$username = $_POST['username'];
$username = stripslashes($username);
$username = mysql_real_escape_string($username);
$password = $_POST['password'];
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
}
$sql_string = "SELECT * FROM login WHERE username = '$username' and password = '$password'";
$sql_query = mysql_query($sql_string) or die (mysql_error());
if(mysql_num_rows>0){
echo "Logged in successfully";
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $username;
} //end mysql_num_rows
}
function secureuserpost() {
//testing$isset = Array(id,username,password,location,website,facebook,occupation,avatar,active)
$id = NULL;
$username = $_POST['username'];
$username = stripslashes($username);
$username = mysql_real_escape_string($username);
global $username;
$password = $_POST['password'];
$password = stripslashes($password);
$password = mysql_real_escape_string($password);
global $password;
$location = $_POST['location'];
$location = stripslashes($location);
$location = mysql_real_escape_string($location);
global $location;
$website = $_POST['website'];
$website = stripslashes($website);
$website = mysql_real_escape_string($website);
global $website;
$facebook = $_POST['facebook'];
$facebook = stripslashes($facebook);
$facebook = mysql_real_escape_string($facebook);
global $facebook;
$occupation = $_POST['occupation'];
$occupation = stripslashes($occupation);
$occupation = mysql_real_escape_string($occupation);
global $occupation;
$avatar = $_POST['avatar'];
$avatar = stripslashes($avatar);
$avatar = mysql_real_escape_string($avatar);
global $avatar;
}
function adminlogincheck() {
//fix later//
if(isset($_SESSION['loggedin']) and isset($_POST['username'])) {
if(isset($_POST['submit'])) {
if(isset($_POST['username']) and isset($_POST['password'])) {
$username = $_POST['username'];
$username = stripslashes($username);
$username = mysql_real_escape_string($username);
$password = $_POST['password'];
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
} //end if $_POST['username'] and password
$sql_string = "SELECT * FROM admin_login WHERE username = '$username' and password = '$password'";
$sql_query = mysql_query($sql_string) or die (mysql_error());
if(mysql_num_rows>0){
echo "Logged in successfully";
$_SESSION['loggedin'] = true;
$_SESSION['username'] = $username;
} //end mysql_num_rows
}/*end isset $_POST['submit'] */ else {
echo "nothing submitted";
}
} //end login checkup
else writeform();
} //end function
function addinfo($data) {
con();
$msg = $_POST['msg'];
$msg = stripslashes($msg);
$msg = mysql_real_escape_string($msg);
$insert_query_line = "INSERT INTO info (id, msg) VALUES (NULL, '$msg')";
$data = mysql_query($insert_query_line) or die ("<center>" . "<pre>" . "Error Adding Values:" . mysql_error() . "</pre>" . "</center>");
}
function adduser($id,$username,$password,$location,$website,$facebook,$occupation,$avatar,$active) {
secureuserpost();
$q = "INSERT INTO login (id,username,password,location,website,facebook,occupation,avatar,active) VALUES ($id,$username,$password,$location,$website,$facebook,$occupation,$avatar,'no')";
$query = mysql_query($q) or die(mysql_error());
}
?>
我正在研究这个PHP功能列表,以使事情变得更容易..我到目前为止我顺利吗? 我应该停下来吗? 难道我做错了什么?
- 写回答
- 好问题 0 提建议
- 追加酬金
- 关注问题
- 邀请回答
-
1条回答 默认 最新
- duanjiaren8188 2010-10-10 00:05关注
Not terrible, but I have some suggestions:
None of your functions have parameters. Instead, you use only global variables. There is no need to do this. You can have
function securepost($key) { return isset($_POST[$key]) ? stripslashes(mysql_real_escape_string($_POST[$key])) : NULL }
Then instead of sanitizing your post vars as you need them, you can just call
$var = post('password'); //etc.
functions are really supposed to be wrappers for common behavior, macros in a way. You don't need to define entire specific behavior and encapsulate them in functions.
mysql_connect("localhost", "root", "") or die(mysql_error()); is redundant. mysql_connect() already asserts a warning if it fails.
In getinfo(), you don't need to do SELECT *. Just select the data you need like SELECT id, msg ...
mysql_num_rows should be mysql_num_rows() I think.
解决 无用评论 打赏 举报
悬赏问题
- ¥15 Vue3 大型图片数据拖动排序
- ¥15 划分vlan后不通了
- ¥15 GDI处理通道视频时总是带有白色锯齿
- ¥20 用雷电模拟器安装百达屋apk一直闪退
- ¥15 算能科技20240506咨询(拒绝大模型回答)
- ¥15 自适应 AR 模型 参数估计Matlab程序
- ¥100 角动量包络面如何用MATLAB绘制
- ¥15 merge函数占用内存过大
- ¥15 使用EMD去噪处理RML2016数据集时候的原理
- ¥15 神经网络预测均方误差很小 但是图像上看着差别太大